ouxbr.pif

The file ouxbr.pif has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address apache2-yak.zarniwoop.dreamhost.com on port 80 using the HTTP protocol.
MD5:
13fbd90f936f73460ceb9a74a4e5bc6f

SHA-1:
4beb307f2fae86bfabcac29dc0c1d3d53d6b1cea

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 6:00:37 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Sality | 160917-0
Clam AntiVirus | Win.Trojan.Agent-36126 | 0.98/23018
ESET NOD32 | Win32/Sality virus | 6.3.12010.0

File size:
100.7 KB (103,140 bytes)

File PE Metadata
Compilation timestamp:
2/10/2002 5:45:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1040

Entry point:
E8, 00, 00, 00, 00, 5B, 81, C3, 96, 02, 00, 00, 53, 8A, ED, C3, 08, 10, 40, 00, 6A, 00, FF, 15, 00, 10, 40, 00, C3, 90, 90, 90, 9C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BA, 10, 00, 00, 00, 10, 00, 00, A4, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 10, 00, 00, 08, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 10, 00, 00, 00, 00, 00, 00, C8, 10, 00, 00, 00, 00, 00, 00, 7D, 00, 45, 78, 69, 74, 50, 72, 6F, 63, 65, 73, 73, 00, 4B, 45, 52, 4E, 45, 4C...

Code size:
512 bytes

Windows Firewall Allowed Program
Name:
D:\ouxbr.pif
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to apache2-yak.zarniwoop.dreamhost.com  (173.236.154.78:80)

TCP (HTTP):
Connects to windows12.internetbilisim.net  (185.126.217.250:80)

TCP (HTTP):
Connects to win04-host-kb.turkticaret.net  (31.186.8.104:80)

TCP (HTTP):
Connects to neptune.corpservers.net  (63.247.87.162:80)
